In a year when social media giants and governments alike have made headlines for tracking users online without their consent, battening down the virtual hatches has become a vital part of Internet hygiene. Blocking tracking technologies, however, also disables those handy auto-fill log-ins and web personalization features, preventing you from easily shopping online and making your web experience feel as if you’re back in 1999.
So we went in search of privacy tools that don’t impact your browsing experience. We tested browser tools ranging from the basic Private Mode on all browsers to full-featured ad blockers. We looked at the four most-used browsers in the United States: Chrome, Firefox, Safari and Internet Explorer. Here's what we found to be most helpful for safeguarding your privacy and anonymity — and what measures of convenience you might have to give up if you use them.
The lowdown on cookies
Cookies are small text files that contain one or more bits of information about your computer, most commonly a user ID a website assigns you in order to keep track of your movements through the site. Cookies are often essential to using a site successfully, enabling you to check out from shopping sites or click around Facebook without having to repeatedly re-enter your password.
These first-party cookies come from the website you're on and exist mostly to offer you a personalized web experience. Benefits include greeting you by name, giving you weather data relevant to your home location and keeping track of your achievements in a game.
It's the third-party cookies from ads on the websites you visit that track you as you move between websites. Advertisers place these cookies in their advertisements, allowing them to follow your movements among the network of sites where they advertise.
Information about your surfing patterns goes toward compiling a profile of preferences and basic personal data — things like location, age and gender — that is used to create targeted advertising. If you've clicked on a lot of gardening sites, for example, targeted ad placements could even show you ads for tools or plants on non-gardening sites. If that bothers you, you can disable third-party cookies in your browser settings.
Browse in Private Mode
Seeing targeted advertising probably doesn’t bother most people if all they're surfing for is news, cute cat pictures or a new iPhone. But for looking up information about something like health concerns, privacy mode allows you to browse without associating the search with your existing profile.
To open a private window in your browser.
- Firefox: Ctrl/Cmd+Shift+P
- Chrome: Ctrl/Cmd+Shift+N
- Safari: Safari/Private Browsing
- Internet Explorer: Ctrl/Cmd+Shift+P
This turns off your web history and enables the cookies necessary for the site to work but blocks third-party cookies. At the end of the session, all cookies are deleted.
Browsing in Privacy Mode does not stop the website from recording that you were there based on your IP address, which can still be tracked. And, crucially, privacy mode doesn't stop social networks from tracking you. It's best used for hiding activity on a shared computer rather than actually remaining invisible online.
Block third-party cookies
Third-party cookies aren't the only way to track people around the Internet, but disabling them in your browser's settings means advertisers can no longer store files on your browser to track your web surfing.
Here’s how to block third-party cookies, assuming you're running the most recent versions of the browsers (a good idea from a security point of view):
- Chrome: Preferences > Show Advanced Options (at the bottom) > Privacy > Content settings > Check “block third party cookies and site data.”
- Internet Explorer: Tools > Internet Options > Privacy > Move the slider to the level of cookies you want blocked
- Firefox: Preferences > Privacy > History > Select “Use custom settings for history,” then set “Accept third-party cookies” to Never.
- Safari: Preferences > Privacy > Select to block cookies “from third parties and advertisers.”
Some websites require third-party cookies to work; for example, Microsoft asks you to accept cookies when downloading an update. In these cases, head into your browser settings and add the sites as exceptions.
Block the Flash super cookie
Sites may store Flash cookies on your computer regardless of whether you have allowed third-party cookies. Flash cookies can't be easily deleted, and they may be downloaded to your computer from any website running Adobe Flash (such as sites with video or an interactive application). Designed to locally store your settings for the rich web apps that Flash enables, the capability for the Flash plug-in to allow other sites to store files in a user's computer can also be hijacked by advertisers wanting a new way to track Internet users.
Flash cookies can identify you across different browsers on the same device and, in some cases, have been found to regenerate deleted browser cookies. Because they have far more storage (up to 100KB) than other cookies, they can contain more complex information about your habits. Like browser cookies, Flash cookies are used by websites to deliver a customized experience as well as give advertisers extra data.
Cookie cleaners and Flash player settings
Blocking Flash entirely could be an option with script-blockers such as NoScript (Firefox) or ScriptNo (Chrome). However, such plug-ins stop all Flash and Java on all pages, breaking the sites in many cases, until you can customize the settings so that trusted objects and pages can run freely. This can take a long time and represent a pain for the less technically minded.
If you use Firefox, you can download the BetterPrivacy, which automatically deletes Flash cookies as they crop up (as well as clearing cookies already there). You can also whitelist necessary Flash cookies, such as cookies used when playing a game.
If you're not on Firefox, you'll have to dig into your computer. First, disable future Flash cookies from being left on the machine. If you're on a PC, open Control Panel and click on Flash player > Local Storage settings by site. You'll find the default is “Allow All Websites to Store Data”; change it to “Block All Websites from Storing Data.” Then you can easily delete the Flash cookies by hitting the neighboring Delete All button, followed by “Delete All Site Data and Settings.”
If you're on a Mac, change your Flash settings online at Macromedia by clicking on Global Storage Settings in the (pretty clunky) Flash-based settings manager. Uncheck the box for allowing third-party Flash content to store data on your computer. Then pull the slider for how much data third-party companies can store on your machine to None (far left).
Finally, to delete sites that have already left cookies on your computer, grab the free download CCleaner (Mac/PC), which deletes both Flash and browser cookies.
Sites including eBay use Flash cookies to verify your identity, so deleting them across the board can mean needing to re-enter passwords more frequently.
Dodge tracking you never signed up for
Microsoft recently announced it would not scan any of the content in its Outlook.com inboxes to use in targeted advertising, but Google makes no such promise with Gmail — quite the opposite.
As for the social networks, Facebook, Twitter and LinkedIn track users even after they've signed out — and even if you don’t click on a social media sharing button. The very act of landing on a page with a social-share button means it relays back to the social network. Sophos security blog has a straightforward account of how Twitter does it and how you can opt out. (Remember that opting out doesn't stop ads or the collecting of information.)
In addition, Facebook uses an alternative to tracking cookies called a conversion pixel, which advertisers affix to their ads to see how many clicks they get. So a website doesn't need a Facebook button to let Facebook know you've been there.
Anti-tracker plug-ins Do Not Track Me (Chrome/Firefox/Safari/Internet Explorer) stops a website from sending information back to Facebook or Google unless you actually click one of the +1 or Like buttons. It also blocks other trackers and boasts a clean, intuitive interface for customizing blocking options. The Mask My Email and Make Me A Strong Password features help deter spam and hackers. When you’re signing up for a new account, masking your email address stops potentially dodgy sites from selling your real email address, while the password option creates a hard-to-guess password (that, crucially, isn't the same as one you already use), then saves it in the plug-in's encrypted password manager.
On the toolbar, clicking the Do Not Track Me icon shows how many trackers it has blocked — for me, 666 in under 24 hours.
Disconnect (Chrome/Firefox/Safari/Opera) is a similar plug-in that offers the additional benefit of dividing trackers into social, analytic and advertising categories. A graph shows the time and bandwidth saved by blocking trackers requesting information, and you get the option of adding trusted sites (and their cookies) to a whitelist.
There’s little downside to taking any of these anti-tracking measures. The only thing these scrappy little guys don't do is block ads; you'll still see them, but they won't be targeted based on your previous clicks.
Kill most ads
Many companies (including Facebook, Twitter and Amazon) promise to honor opt-outs for “interest-based” advertising. But while opting out stops companies from delivering targeted ads based on what you've clicked on, it does not stop ads based on general information such as your location or other details you may have volunteered while signing up for the account. Crucially, it doesn't stop companies tracking you and collecting your data.
To prevent ads from showing at all, thus thwarting the purpose of tracking via third-party cookies or other means, try a plug-in such as AdBlock Plus (for Chrome/Firefox/Safari/Internet Explorer), which blocks “annoying” ads: video ads, Facebook ads, pop-ups and the ilk. By default, a whitelist of ads that fall under the developer's guidelines for acceptability is allowed, but you can change this setting to disable all ads.
You can also add different filters to block more or different types of ads. For example, the anti-social filter blocks social media buttons from transmitting back to the mother ship that you were there, neatly avoiding the all-seeing Facebook eye.
AdBlock Plus also blocks trackers and websites known to deliver malware.
Blocking ads deprives sites of revenue, and many websites rely on ad revenue to stay afloat. Unless you tinker with the settings for what ads should be allowed at different sites (a process that may take a long time to complete), you may end up depriving your favorite sites of those caching clicks.
Two-thirds of U.S. search traffic is made through Google, distantly followed by Microsoft's Bing (19%) and Yahoo (10%). While Google's search algorithms turn up highly relevant results for most of us (in May, 31% of all Internet traffic came from Google, versus less than 2% for Bing and Yahoo combined), there's an additional trade-off: Search results are also personalized based on what you've clicked on in the past.
That may not seem like such a big deal until you consider that Google also combines your search history with other information from your Google accounts, such as YouTube and Gmail, for use in targeted ad campaigns. Search histories can reveal highly personal information such as your interests, religion or health issues, substantially filling out the information already compiled from your YouTube clicks and Gmail messages.
Instead of switching to another Big Three search engine, try DuckDuckGo, which doesn't log your searches so that all users get the same results. In our test searches for subjects including current events (“Hong Kong protests”), general knowledge (“why is the sky blue”) and straightforward subjects (Halloween costumes), helpful links turned up in the first half of the page. However, when we typed the more ambiguous phrase “Tuscany fall cuisine,” only Google noted that we wanted autumnal food in Italy, not the town called Tuscany Falls.
DuckDuckGo also offers many of the same convenience features as Google, including a good range of “zero-click info.” For example, type “weather in California,” “650 USD in EUR” or any calculator function such as “square root of 60,” and the answer is displayed above a list of link results.
Similarly privacy-centric search providers include Ixquick, which doesn't store your IP address or search data (and consequently doesn't sell any of your information), delivering results based on what the five major search engines are saying. Two or more stars indicate multiple search engines have relayed the same result. However, Ixquick lacks the uber-convenient zero-click search.
Finally, the Disconnect anti-tracker plug-in also has a separate search extension that anonymizes your searches in any of the Big Three search engines as well as DuckDuckGo itself.
Auto-complete in Google Search has been a godsend when it comes to typing searches for news and factoids you can't quite recall. Not having a search history also means not having those purpled-out links that indicate at a glance which sites you’ve previously visited (handy when you've forgotten to bookmark a great source).
The all-in-one option
Not up to fine-tuning settings, cherry-picking plug-ins and switching to a new search engine?
Get a whole new browser The Epic Browser offers privacy mode as the default and only option. Epic doesn't store web histories, search queries or cookies. Clicking on a plug icon in the URL bar turns on a proxy feature that anonymizes your computer by routing your traffic through a U.S.-based proxy network.
Epic also blocks trackers with a handy pop-up telling you exactly how many it’s blocked — and just to rub its success in competitors' noses, it shows how many trackers exist on the other browsers you're using. On my computer, Firefox had 143 data-collecting trackers (including Amazon, Experian, all the social networks and a ton of ad providers); Safari had 56 (including BuzzFeed, LinkedIn and Tumblr); and my Chrome browser with Do Not Track Me Plus running let through just two (eBay and ad provider Double Click).
Though Epic doesn't auto-fill logins, you can download a password manager extension by clicking Settings (top right) / Extensions. This securely stores your usernames and passwords so that once you've saved account verification details to LastPass, it will auto-fill the login at that site.
It's back to caveman days of manually typing everything in – from passwords to URLs. We found the LastPass password manager an easy-to-use workaround for logins; however, initially loading it up with ID details at all your online accounts may be a laborious process. Importing bookmarks also works imperfectly, though this may be ironed out in an update.
Browsing completely anonymously (mostly)
All of the options we've discussed prevent third-parties from tracking you within and across websites. However, the website can still see where you came from through your IP address, and that address could be used as an alternate means of tracking your activities. For example, a person or company who disagreed with your comments on a site could use your IP information to track you down and sue you for libel.
To hide your IP address from being uncovered, you will need to use either an anonymous web proxy or virtual private network (VPN) service. Both not only mask your IP address from the website you're visiting, but will also prevent anyone who monitors your network (e.g., your employer) from monitoring the sites you're visiting.
Some of these services have stronger privacy options than others, and many are still susceptible to disclosure if they receive a legal subpoena from the jurisdiction where they're located. Read our article on VPNs and web proxies for more details.
Future tracking options
What we do online has value to companies now because of what we may buy if we're shown the relevant advertising. Down the line, we might be the ones negotiating the worth of our web habits.
Encrypt your own web behavior
The Meeco app for iOS recently launched with the ability to log your web visits — where you visited and for how long — and save the traffic into an encrypted cloud accessible only by you. Websites can only see what you click on while you're on them, not what you do after and before, preventing the site from building a profile of you. The software also analyzes your usage patterns so you can glean insight into your habits — the same insight brands buy from data brokers now. Eventually, the idea is to create a data framework where users can offer such data to brands in exchange for loyalty points, discounts or other incentives.
Founder and CEO Katryna Dow says an aim is to help people understand that the value of their data is invaluable — and, at the moment, immeasurable.
A Meeco browser extension for Chrome and Firefox is available in beta; currently, users must manually add favorite sites to the dashboard, then click them in order to launch the site in the browser's (natively available) private window.
Right now, the browser extension does not save the traffic to your Meeco encrypted account (as the iOS app does), but Dow says the company is looking at including the feature in future updates.
Where to draw the privacy line
Being tracked and advertised to by the websites we use is the trade-off for a free Internet. In fact, there are some really good reasons for why you may want to be tracked online,
But not drawing our own line at how much privacy we are willing to give up could mean some companies will crossing that line when it comes to where they scrape information about us. Your likes, dislikes and identifying details taken from email, private messages or personal notes could then be linked (as Google already does) to information from other facets of your online life, and companies or the government may eventually make assumptions about who you are before offering you a service. Whether you find that convenient or creepy, it's something everyone should have control over, not default into.
What do you think? Have you downloaded browser plug-ins to control your privacy, or do you believe that targeted advertising is what makes the Internet go?
[Data protection keyboard via Shutterstock]
11/10/2014: Updated information on Epic browser.